General
-
Target
8d1eb69334dee45138506e742158c35ed890071fa66d038c0142c54ba18af032
-
Size
415KB
-
Sample
240417-p7sv8ahg3v
-
MD5
cf8a5517df56ee4003a71823e3059f38
-
SHA1
0d49e04c51a2a0bf0639cdfcf6835edee35cd0a5
-
SHA256
8d1eb69334dee45138506e742158c35ed890071fa66d038c0142c54ba18af032
-
SHA512
202d964f78c200e9c41c46d3da264b4fcbce60446919750782299e23e699cd2e4fcbb20d05f5b52d337d16b35745ffcfa3ce678a6bc4472248dc5e00335f70ba
-
SSDEEP
12288:fHlXTiu2sqTO87dLBcoFTaGyQg2dG9HwEOK9/xhL:fJTXTuH7dtZgig2ds0KZxt
Malware Config
Targets
-
-
Target
3b7b020f8ce69d4b810468c03b4bfd1cc6e56080c7b754cafebfd4ba500c7855.exe
-
Size
827KB
-
MD5
81f8eacc0997ace2ee1d89b25391783c
-
SHA1
7d880a37dc2ea2819e9081f0eb97d75c4ac63763
-
SHA256
3b7b020f8ce69d4b810468c03b4bfd1cc6e56080c7b754cafebfd4ba500c7855
-
SHA512
ba138c654a421f33ba9adc40c42db3dc167cabc6a96e0cb0a78b3f76a853f67f3519d16c7ad1b2c5c2d8fc06b3d9ba1ac5d5eea58c15bea0c453c65143cfb443
-
SSDEEP
24576:TYMB0+EFNTfgJyzf/0X807GUj1sVr46Ec:TYMBiFNT3zfkG81q0F
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-